Skip to main content
The Creem API is built on REST principles and uses HTTPS for all requests. It returns JSON-encoded responses and uses standard HTTP status codes.

Base URL

All API requests are made to the following base URLs: 
https://api.creem.io/v1
The test and production environments are completely isolated. Data created in test mode does not affect your production environment, and API keys are not interchangeable between environments.

Authentication

All API requests must include your API key in the x-api-key header. 
curl -X GET https://api.creem.io/v1/products \
  -H "x-api-key: creem_YOUR_API_KEY"
You can find your API keys in the Developers section of your dashboard.
Never expose your API keys in client-side code, public repositories, or logs. Keep them server-side only.

Test Mode

Test mode gives you a full sandbox environment to build and test your integration without processing real payments.
ProductionTest Mode
Base URLhttps://api.creem.io/v1https://test-api.creem.io/v1
API KeysFound in dashboard (production mode)Found in dashboard (test mode toggle)
PaymentsReal chargesSimulated with test cards
DataLive dataIsolated sandbox data
To activate test mode, toggle Test Mode in the top navbar of your dashboard.

Test Cards

Use these card numbers to simulate different payment scenarios. All cards work with any future expiration date, any CVV, and any billing information.
Card NumberBehavior
4242 4242 4242 4242Successful payment
4000 0000 0000 0002Card declined
4000 0000 0000 9995Insufficient funds
4000 0000 0000 0127Incorrect CVC
4000 0000 0000 0069Expired card

Using Test Mode in Code

curl -X POST https://test-api.creem.io/v1/checkouts \
  -H "x-api-key: YOUR_TEST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": "prod_YOUR_PRODUCT_ID",
    "success_url": "https://yoursite.com/success"
  }'

Webhooks

Creem sends real-time event notifications to your server via webhooks. Webhook payloads are signed using HMAC-SHA256 so you can verify their authenticity. Signature verification: Every webhook request includes a creem-signature header. Verify it using your webhook secret (found in Developers > Webhook) and the HMAC-SHA256 algorithm: 
import * as crypto from 'crypto';

function verifySignature(payload: string, secret: string, signature: string): boolean {
  const computed = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return computed === signature;
}
Supported events:
EventDescription
checkout.completedA checkout session was completed
subscription.activeA new subscription was created
subscription.paidA subscription payment was collected
subscription.canceledA subscription was canceled
subscription.scheduled_cancelA subscription is scheduled for cancellation at period end
subscription.past_dueA subscription payment failed
subscription.expiredA subscription period ended without payment
subscription.trialingA subscription started a trial
subscription.pausedA subscription was paused
subscription.updateA subscription was updated
refund.createdA refund was issued
dispute.createdA dispute was opened by a customer
Retry policy: If your endpoint doesn’t respond with HTTP 200, Creem retries at 30 seconds, 1 minute, 5 minutes, and 1 hour. You can also resend events manually from the dashboard.

Full Webhooks Guide

Detailed setup instructions, signature verification, and event payload examples.

Response Codes

StatusDescription
200Successful request
400Invalid parameters or validation error
401Missing API key
403Invalid API key or insufficient permissions
404Resource not found
429Rate limit exceeded
500Internal server error
Every error response includes a trace_id you can share with support for faster debugging. See Error Handling for details.

SDKs & Libraries

TypeScript SDK

Core SDK for Node.js and TypeScript projects

Next.js Adapter

Drop-in checkout and webhook helpers for Next.js

Better Auth Plugin

Integrate Creem billing with Better Auth

CLI

Manage products and checkouts from the terminal